A vehicle includes a controller area network (CAN) and a plurality of controllers in communication with each other via the CAN, wherein each controller of the plurality of controllers is configured to time-stamp messages transmitted via the CAN using a vehicle-wide synchronized clock, determine a worst-case transmission delay via the CAN based on the time-stamps for messages received from other controllers of the plurality of controllers, and based on the worst-case transmission delay, set a dynamic recovery timer for a malfunctioning controller of the plurality of controllers to recover after its malfunction, wherein the dynamic recovery timer prevents a particular controller that was malfunctioning but has since recovered from being incorrectly designated as a malfunctioning controller in need of service.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The vehicle of claim 1, wherein the dynamic recovery timer is set to a sum of a predetermined recovery time and the worst-case transmission delay.
3. The vehicle of claim 1, wherein each controller of the plurality of controllers is configured to execute a redundant software routine that is the same or substantially similar to the redundant software routines executable by the remainder of the plurality of controllers.
4. The vehicle of claim 3, wherein the redundant software routine is an autonomous driving or advanced driver assistance (ADAS) software routine.
5. The vehicle of claim 1, wherein each controller of the plurality of controllers is configured to operate as a state machine with one possible state being a malfunction state.
6. The vehicle of claim 1, wherein the particular controller of the plurality of controllers is designated as a malfunctioning controller in need of service when the particular controller fails to recover from its malfunction before the expiration of the dynamic recovery timer.
7. The vehicle of claim 1, wherein the dynamic recovery timer is a quantity of milliseconds.
8. The vehicle of claim 1, wherein the dynamic recovery timer is a quantity of processor cycles.
9. The vehicle of claim 1, wherein the plurality of controllers comprises at least an engine controller, a brake controller, and a steering controller.
11. The method of claim 10, wherein the dynamic recovery timer is set to a sum of a predetermined recovery time and the worst-case transmission delay.
12. The method of claim 10, further comprising executing, by each controller of the plurality of controllers, a redundant software routine that is the same or substantially similar to the redundant software routines executable by the remainder of the plurality of controllers.
13. The method of claim 12, wherein the redundant software routine is an autonomous driving or advanced driver assistance (ADAS) software routine.
14. The method of claim 10, wherein each controller of the plurality of controllers is configured to operate as a state machine with one possible state being a malfunction state.
15. The method of claim 10, further comprising designating the particular controller of the plurality of controllers as a malfunctioning controller in need of service when the particular controller fails to recover from its malfunction before the expiration of the dynamic recovery timer.
16. The method of claim 10, wherein the dynamic recovery timer is a quantity of milliseconds.
17. The method of claim 10, wherein the dynamic recovery timer is a quantity of processor cycles.
18. The method of claim 10, wherein the plurality of controllers comprises at least an engine controller, a brake controller, and a steering controller.
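The following C sketch is an added illustration, not code from the patent or its assignee. It shows one way a controller could track a peer's worst-case delay from time-stamps, derive the dynamic recovery timer of claims 2 and 11, and run the malfunction state of claims 5, 6, 14 and 15. All names, the 50 ms base time, the delay cap and the rejection of future-dated stamps are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names and constants are hypothetical; times are ms on the shared clock. */
#define BASE_RECOVERY_MS 50u  /* assumed "predetermined recovery time" */
#define MAX_DELAY_MS 100u     /* assumed cap so a bad stamp cannot stretch the timer */

typedef enum { PEER_OK, PEER_MALFUNCTION, PEER_NEEDS_SERVICE } peer_state_t;

typedef struct {
    peer_state_t state;
    uint64_t worst_delay_ms;  /* largest observed (receive time - time-stamp) */
    uint64_t fault_start_ms;  /* time-stamp of the frame that reported the fault */
} peer_monitor_t;

/* Claims 2 and 11: predetermined recovery time plus worst-case delay. */
uint64_t recovery_timer_ms(const peer_monitor_t *p) {
    return BASE_RECOVERY_MS + p->worst_delay_ms;
}

/* Periodic check: latch NEEDS_SERVICE once the dynamic timer has expired. */
void on_tick(peer_monitor_t *p, uint64_t now_ms) {
    if (p->state == PEER_MALFUNCTION && now_ms > p->fault_start_ms &&
        now_ms - p->fault_start_ms > recovery_timer_ms(p))
        p->state = PEER_NEEDS_SERVICE;
}

/* Per received frame: tx_ms is the sender's time-stamp, rx_ms the local clock. */
void on_frame(peer_monitor_t *p, uint64_t tx_ms, uint64_t rx_ms, bool faulted) {
    if (rx_ms < tx_ms) return;              /* stamp from the future: ignore frame */
    uint64_t delay = rx_ms - tx_ms;
    if (delay > MAX_DELAY_MS) delay = MAX_DELAY_MS;
    if (delay > p->worst_delay_ms) p->worst_delay_ms = delay;

    on_tick(p, rx_ms);                      /* expire first, then apply the frame */
    if (p->state == PEER_NEEDS_SERVICE) return;   /* latched until serviced */
    if (faulted && p->state == PEER_OK) {
        p->state = PEER_MALFUNCTION;
        p->fault_start_ms = tx_ms;
    } else if (!faulted) {
        p->state = PEER_OK;                 /* recovered inside the window */
    }
}
```

With a fixed 50 ms timer, a peer whose recovery frame arrives 58 ms after the fault would be flagged for service; adding the observed 12 ms worst-case delay keeps it in service.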
February 12, 2021
February 21, 2023